TW-EA510 version 4 ADSL2+, WLAN 802.11g, VPN, Firewall Router
Chapter 4: Configuration
Table 2: Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session, and Scan Hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456 | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | Src IP | Scan | Yes | Yes |

SYN Flood: Max TCP Open Handshaking Count (Default 100 c/sec); Yes
ICMP Flood: Max ICMP Count (Default 100 c/sec); Yes
ICMP Echo: Max PING Count (Default 15 c/sec); Yes

Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP
URL Filter
URL (Uniform Resource Locator – e.g. an address in the form of
or
) filter rules allow you to prevent users on your network from accessing
particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules to
meet your requirements.
Enable/Disable: To enable or disable the URL Filter feature.
Block Mode: A list of the modes that you can choose from for checking the URL filter rules. The default is set to Always On.
- Disabled: No action will be performed by the Block Mode.
- Always On: Action is enabled. URL filter rules are monitored and checked at all hours of the day.
- TimeSlot1 ~ TimeSlot16: A self-defined time period. You may specify the time period in which to check the URL filter rules, e.g. during working hours. For setup and details, refer to the Time Schedule section.
Keywords Filtering: Allows blocking by specific keywords within a particular URL rather than having to specify a complete URL (e.g. to block any image called “advertisement.gif”). When enabled, your specified keywords list is checked to see whether any keyword is present in the URLs accessed, to determine whether the connection attempt should be blocked. Please note that the URL filter blocks web browser (HTTP) connection attempts using port 80 only.
For example, if the URL is , it will be dropped as the keyword “abcde” occurs in the URL.
Domains Filtering: This function checks the whole URL, not the IP address, of each URL accessed against your list of domains to block or allow. If it matches, the URL request is either sent (Trusted) or dropped (Forbidden). For this function to be activated, both check-boxes must be checked. Here is the checking procedure:
1. Check the domain in the URL to determine if it is in the trusted list. If yes, the connection attempt is sent to the remote web server.
2. If not, check if it is listed in the forbidden list. If yes, the connection attempt is dropped.
3. If the packet does not match either of the above two items, it is sent to the remote web server.
4. Please note that the complete URL, “www” + domain name, must be specified. For example, to block traffic to www.google.com.au, enter “www.google” or “www.google.com”.
In the example below, the URL request for www.abc.com will be sent to the remote web server because it is listed in the trusted list, whilst the URL request for www.google or www.google.com will be dropped, because www.google is in the forbidden list.
Example: Andy wishes to disable all web traffic except for the sites listed in the trusted domains, which would prevent Bobby from accessing other web sites. Andy selects both functions in Domain Filtering and thinks that this will stop Bobby. But Bobby knows that this function, Domain Filtering, ONLY disables web traffic except for the Trusted Domain, BUT not its IP address. In this situation, the Block surfing by IP address function can be handy and helpful to Andy. Now Andy can prevent Bobby from accessing other sites.
Restrict URL Features: This function enhances the restrictions of your URL rules.
- Block Java Applet: This function can block web content that includes a Java Applet. It is intended to prevent someone from damaging your system via the standard HTTP protocol.
- Block surfing by IP address: Prevents someone from using an IP address as the URL in order to skip the Domains Filtering function. Active only if Domain Filtering is enabled.
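The checking procedure above, combined with Block surfing by IP address and the port-80 limit, as an added Python example (not TeleWell firmware code). The rule set, sample URLs, function names, prefix matching of domain entries and the position of the keyword check are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed rule set; key names are illustrative, not the router's own.
RULES = {"trusted": ["www.abc.com"], "forbidden": ["www.google"],
         "keywords": ["abcde"],
         "domains_filtering": True,    # both check-boxes ticked
         "block_ip_surfing": False}
# Constructed sample requests (203.0.113.10 is a documentation address).
SAMPLE = ["http://www.abc.com/index.html",
          "http://www.google.com.au/search",
          "http://203.0.113.10/",
          "http://example.net/img/abcde.gif",
          "http://www.google.com.au:8080/"]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def decide(url, rules):
    """Return 'sent' or 'dropped' for one browser request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # The manual states that only HTTP on port 80 is inspected.
    if parts.scheme != "http" or (parts.port or 80) != 80:
        return "sent"
    if rules["domains_filtering"]:
        # Assumption: prefix match, since "www.google" covers www.google.com.au.
        if any(host.startswith(d) for d in rules["trusted"]):
            return "sent"          # step 1: trusted list
        if any(host.startswith(d) for d in rules["forbidden"]):
            return "dropped"       # step 2: forbidden list
        if rules["block_ip_surfing"] and is_ip_literal(host):
            return "dropped"       # Restrict URL Features
    # Assumption: keywords are checked after the domain lists.
    if any(k in url.lower() for k in rules["keywords"]):
        return "dropped"
    return "sent"                  # step 3: no rule matched

def changed_by_ip_block(urls, rules):
    """URLs whose verdict differs once Block surfing by IP address is on."""
    on = dict(rules, block_ip_surfing=True)
    return [u for u in urls if decide(u, rules) != decide(u, on)]
```

Running changed_by_ip_block(SAMPLE, RULES) lists the requests that only the IP-address restriction catches, which is the gap in the Andy and Bobby example.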
IM / P2P Blocking
IM, short for Instant Message, requires client software that allows users to communicate, by exchanging text messages, with other IM users in real time over the Internet. A P2P application, known as Peer-to-peer, lets a group of computer users share files with specific groups of people across the Internet. Both Instant Message and Peer-to-peer applications make communication faster and easier, but your network can become increasingly insecure at the same time. TeleWell IM and P2P blocking helps users restrict LAN PCs from accessing the commonly used IM applications, Yahoo and MSN, and P2P applications, BitTorrent and eDonkey, over the Internet.
Instant Message Blocking: The default is set to Disabled.
- Disabled: Instant Message blocking is not triggered. No action will be performed.
- Always On: Action is enabled.
- TimeSlot1 ~ TimeSlot16: A self-defined time period. You may specify the time period in which to trigger the blocking, e.g. during working hours. For setup and details, refer to the Time Schedule section.
Yahoo/MSN Messenger: Check the box to block Yahoo Messenger, MSN Messenger, or both. Be sure that you have enabled Instant Message Blocking first.
Peer to Peer Blocking: The default is set to Disabled.
- Disabled: Instant Message blocking is not triggered. No action will be performed.
- Always On: Action is enabled.
- TimeSlot1 ~ TimeSlot16: A self-defined time period. You may specify the time period in which to trigger the blocking, e.g. during working hours. For setup and details, refer to the Time Schedule section.
BitTorrent / eDonkey: Check the box to block BitTorrent, eDonkey, or both. Be sure that you have enabled Peer to Peer Blocking first.
Firewall Log
Firewall Log displays log information about any unexpected action with your firewall settings. Check the Enable box to activate the logs. Log information can be seen in Status – Event Log after enabling.